aggressive caching, other changes

Author: breardon2011

ui/server-start.js

@@ -77,9 +77,11 @@ const server = createServer(async (req, res) => {
     const ssrTime = Date.now() - ssrStart;
 
     // Log SSR timing with request details for profiling
-    if (ssrTime > 1000) {
+    if (ssrTime > 2000) {
+      console.log(`🔥 VERY SLOW SSR: ${req.method} ${pathname} took ${ssrTime}ms`);
+    } else if (ssrTime > 1000) {
       console.log(`⚠️  SLOW SSR: ${req.method} ${pathname} took ${ssrTime}ms`);
-    } else if (ssrTime > 200) {
+    } else if (ssrTime > 500) {
       console.log(`⏱️  SSR: ${req.method} ${pathname} took ${ssrTime}ms`);
     } else if (process.env.DEBUG === 'true') {
       console.log(`✅ SSR: ${req.method} ${pathname} took ${ssrTime}ms`);

ui/src/authkit/serverFunctions.ts

@@ -134,10 +134,24 @@ export const ensureOrgExists = createServerFn({method: 'GET'})
 export const getWidgetsAuthToken = createServerFn({method: 'GET'})
     .inputValidator((args: {userId: string, organizationId: string, scopes?: WidgetScope[]}) => args)
     .handler(async ({data: {userId, organizationId, scopes}}) : Promise<string> => {
-  return getWorkOS().widgets.getToken({
+  // Check cache first
+  const cached = serverCache.getWidgetToken(userId, organizationId);
+  if (cached) {
+    console.log(`✅ Widget token cache hit for ${userId}:${organizationId}`);
+    return cached;
+  }
+  
+  // Cache miss - generate new token
+  console.log(`❌ Widget token cache miss, generating new token for ${userId}:${organizationId}`);
+  const token = await getWorkOS().widgets.getToken({
     userId: userId,
     organizationId: organizationId,
     scopes: scopes ?? ['widgets:users-table:manage'] as WidgetScope[],
   });
+  
+  // Store in cache
+  serverCache.setWidgetToken(userId, organizationId, token);
+  
+  return token;
 })
 

ui/src/authkit/ssr/workos_api.ts

@@ -23,10 +23,22 @@ export async function createOrgForUser(userId: string, orgName: string) {
 
 export async function listUserOrganizationMemberships(userId: string) {
   try {
+    // Check cache first
+    const cachedMemberships = serverCache.getUserMemberships(userId);
+    if (cachedMemberships) {
+      console.log(`✅ User memberships cache hit for ${userId}`);
+      return cachedMemberships;
+    }
+    
+    // Cache miss - fetch from WorkOS
+    console.log(`❌ User memberships cache miss, fetching from WorkOS for ${userId}`);
     const memberships = await getWorkOS().userManagement.listOrganizationMemberships({
       userId,
     });
 
+    // Store full membership objects in cache
+    serverCache.setUserMemberships(userId, memberships.data);
+    
     return memberships.data;
   } catch (error) {
     console.error('Error fetching user memberships:', error);
@@ -55,9 +67,22 @@ export async function getOrganisationDetails(orgId: string) {
 
 export async function getOranizationsForUser(userId: string) {
   try {
+    // Check cache first
+    const cachedMemberships = serverCache.getUserMemberships(userId);
+    if (cachedMemberships) {
+      console.log(`✅ Organizations cache hit for ${userId}`);
+      return cachedMemberships;
+    }
+    
+    // Cache miss - fetch from WorkOS
+    console.log(`❌ Organizations cache miss, fetching from WorkOS for ${userId}`);
     const memberships = await getWorkOS().userManagement.listOrganizationMemberships({
       userId: userId,
     });
+    
+    // Store full membership objects in cache
+    serverCache.setUserMemberships(userId, memberships.data);
+    
     return memberships.data;
   } catch (error) {
     console.error('Error fetching user organizations:', error);

ui/src/lib/cache.server.ts

@@ -1,6 +1,6 @@
-// Server-side in-memory cache for WorkOS organization details ONLY
+// Aggressive server-side caching for WorkOS data
 // 
-// ⚠️ IMPORTANT: This cache is ONLY for WorkOS organization metadata (name, id)
+// ⚠️ IMPORTANT: This cache is ONLY for WorkOS metadata
 // DO NOT cache core application data like:
 // - Units, unit versions, unit status
 // - Projects, project status
@@ -16,12 +16,27 @@ interface CacheEntry<T> {
   expiresAt: number;
 }
 
-class OrgCache {
+interface UserMembership {
+  userId: string;
+  memberships: any[]; // Store full membership objects from WorkOS
+}
+
+class AggressiveWorkOSCache {
+  // Organization cache - 30 minutes (org names rarely change)
   private readonly orgCache = new Map<string, CacheEntry<Organization>>();
-  
-  // Cache organization details for 5 minutes
-  // Org names/details rarely change, so this is safe
-  private readonly ORG_TTL = 5 * 60 * 1000;
+  private readonly ORG_TTL = 30 * 60 * 1000; // 30 minutes
+
+  // User memberships cache - 15 minutes (users don't switch orgs often)
+  private readonly membershipCache = new Map<string, CacheEntry<UserMembership>>();
+  private readonly MEMBERSHIP_TTL = 15 * 60 * 1000; // 15 minutes
+
+  // Widget tokens cache - 5 minutes (tokens expire quickly)
+  private readonly widgetTokenCache = new Map<string, CacheEntry<string>>();
+  private readonly WIDGET_TOKEN_TTL = 5 * 60 * 1000; // 5 minutes
+
+  // ============================================================================
+  // ORGANIZATION CACHE
+  // ============================================================================
 
   getOrg(orgId: string): Organization | null {
     const entry = this.orgCache.get(orgId);
@@ -46,26 +61,125 @@ class OrgCache {
     this.orgCache.delete(orgId);
   }
 
-  // Clear expired entries periodically
+  // ============================================================================
+  // USER MEMBERSHIPS CACHE
+  // ============================================================================
+
+  getUserMemberships(userId: string): any[] | null {
+    const entry = this.membershipCache.get(userId);
+    if (!entry) return null;
+    
+    if (Date.now() > entry.expiresAt) {
+      this.membershipCache.delete(userId);
+      return null;
+    }
+    
+    return entry.data.memberships;
+  }
+
+  setUserMemberships(userId: string, memberships: any[]): void {
+    this.membershipCache.set(userId, {
+      data: { userId, memberships },
+      expiresAt: Date.now() + this.MEMBERSHIP_TTL,
+    });
+  }
+
+  clearUserMemberships(userId: string): void {
+    this.membershipCache.delete(userId);
+  }
+
+  // ============================================================================
+  // WIDGET TOKEN CACHE
+  // ============================================================================
+
+  getWidgetToken(userId: string, orgId: string): string | null {
+    const key = `${userId}:${orgId}`;
+    const entry = this.widgetTokenCache.get(key);
+    if (!entry) return null;
+    
+    if (Date.now() > entry.expiresAt) {
+      this.widgetTokenCache.delete(key);
+      return null;
+    }
+    
+    return entry.data;
+  }
+
+  setWidgetToken(userId: string, orgId: string, token: string): void {
+    const key = `${userId}:${orgId}`;
+    this.widgetTokenCache.set(key, {
+      data: token,
+      expiresAt: Date.now() + this.WIDGET_TOKEN_TTL,
+    });
+  }
+
+  clearWidgetToken(userId: string, orgId: string): void {
+    const key = `${userId}:${orgId}`;
+    this.widgetTokenCache.delete(key);
+  }
+
+  // ============================================================================
+  // CACHE MANAGEMENT
+  // ============================================================================
+
   cleanExpired(): void {
     const now = Date.now();
+    
+    // Clean org cache
     for (const [key, entry] of this.orgCache.entries()) {
       if (now > entry.expiresAt) {
         this.orgCache.delete(key);
       }
     }
+    
+    // Clean membership cache
+    for (const [key, entry] of this.membershipCache.entries()) {
+      if (now > entry.expiresAt) {
+        this.membershipCache.delete(key);
+      }
+    }
+    
+    // Clean widget token cache
+    for (const [key, entry] of this.widgetTokenCache.entries()) {
+      if (now > entry.expiresAt) {
+        this.widgetTokenCache.delete(key);
+      }
+    }
   }
 
-  // Get cache stats for monitoring
   getStats() {
     return {
       orgCacheSize: this.orgCache.size,
+      membershipCacheSize: this.membershipCache.size,
+      widgetTokenCacheSize: this.widgetTokenCache.size,
     };
   }
+
+  // Invalidate all caches for a user (when they switch orgs, etc.)
+  invalidateUser(userId: string): void {
+    this.clearUserMemberships(userId);
+    // Clear all widget tokens for this user
+    for (const key of this.widgetTokenCache.keys()) {
+      if (key.startsWith(`${userId}:`)) {
+        this.widgetTokenCache.delete(key);
+      }
+    }
+  }
+
+  // Invalidate all caches for an org (when org details change)
+  invalidateOrg(orgId: string): void {
+    this.clearOrg(orgId);
+    // Clear all widget tokens for this org
+    for (const key of this.widgetTokenCache.keys()) {
+      if (key.endsWith(`:${orgId}`)) {
+        this.widgetTokenCache.delete(key);
+      }
+    }
+  }
 }
 
 // Single instance per server process
-export const serverCache = new OrgCache();
+export const serverCache = new AggressiveWorkOSCache();
 
 // Clean up expired entries every minute
 setInterval(() => serverCache.cleanExpired(), 60 * 1000);

ui/src/lib/token-cache.server.ts

@@ -0,0 +1,61 @@
+// Token verification cache - tokens are validated frequently in TFE proxy
+// Cache valid tokens for 5 minutes to avoid repeated verification calls
+
+interface TokenCacheEntry {
+  userId: string;
+  userEmail: string;
+  orgId: string;
+  expiresAt: number;
+}
+
+class TokenCache {
+  private readonly cache = new Map<string, TokenCacheEntry>();
+  private readonly TTL = 5 * 60 * 1000; // 5 minutes
+
+  get(token: string): TokenCacheEntry | null {
+    const entry = this.cache.get(token);
+    if (!entry) return null;
+    
+    if (Date.now() > entry.expiresAt) {
+      this.cache.delete(token);
+      return null;
+    }
+    
+    return entry;
+  }
+
+  set(token: string, userId: string, userEmail: string, orgId: string): void {
+    this.cache.set(token, {
+      userId,
+      userEmail,
+      orgId,
+      expiresAt: Date.now() + this.TTL
+    });
+  }
+
+  clear(token: string): void {
+    this.cache.delete(token);
+  }
+
+  cleanExpired(): void {
+    const now = Date.now();
+    for (const [token, entry] of this.cache.entries()) {
+      if (now > entry.expiresAt) {
+        this.cache.delete(token);
+      }
+    }
+  }
+
+  getStats() {
+    return {
+      size: this.cache.size,
+      entries: Array.from(this.cache.keys()).length
+    };
+  }
+}
+
+export const tokenCache = new TokenCache();
+
+// Clean expired tokens every minute
+setInterval(() => tokenCache.cleanExpired(), 60 * 1000);
+

ui/src/routes/__root.tsx

@@ -13,9 +13,26 @@ import { getPublicServerConfig, type Env } from '@/lib/env.server';
 
 export const Route = createRootRoute({
   beforeLoad: async () => {
-    const { auth, organisationId } = await getAuth();
-    const organisationDetails = organisationId ? await getOrganisationDetails({data: {organizationId: organisationId}}) : null;
-    const publicServerConfig : Env = await getPublicServerConfig()
+    const startRootLoad = Date.now();
+    
+    // Run auth and config in parallel (they don't depend on each other)
+    const [authResult, publicServerConfig] = await Promise.all([
+      getAuth(),
+      getPublicServerConfig()
+    ]);
+    
+    const { auth, organisationId } = authResult;
+    
+    // Get org details if we have an orgId (this depends on auth)
+    const organisationDetails = organisationId 
+      ? await getOrganisationDetails({data: {organizationId: organisationId}}) 
+      : null;
+    
+    const totalTime = Date.now() - startRootLoad;
+    if (totalTime > 500) {
+      console.log(`⚠️  Root loader took ${totalTime}ms`);
+    }
+    
     return { user: auth.user, organisationId, role: auth.role, organisationName: organisationDetails?.name, publicServerConfig };
   },
   head: () => ({

ui/src/routes/_authenticated/_dashboard/dashboard/units.index.tsx

@@ -31,8 +31,22 @@ export const Route = createFileRoute(
   component: RouteComponent,
   pendingComponent: PageLoading,
   loader: async ({ context }) => {
+    const startLoad = Date.now();
     const { user, organisationId } = context;
-    const unitsData = await listUnitsFn({data: {organisationId: organisationId || '', userId: user?.id || '', email: user?.email || ''}})
+    
+    const unitsData = await listUnitsFn({
+      data: {
+        organisationId: organisationId || '', 
+        userId: user?.id || '', 
+        email: user?.email || ''
+      }
+    });
+    
+    const loadTime = Date.now() - startLoad;
+    if (loadTime > 1000) {
+      console.log(`⚠️  Units loader took ${loadTime}ms (listUnits call)`);
+    }
+    
     return { unitsData: unitsData, user, organisationId } 
   }
 })

ui/src/routes/api/auth/workos/switch-org.tsx

@@ -3,6 +3,7 @@ import { decodeJwt } from 'jose'
 import { getWorkOS } from '@/authkit/ssr/workos'
 import { getSessionFromCookie, saveSession } from '@/authkit/ssr/session'
 import type { AccessToken } from '@workos-inc/node'
+import { serverCache } from '@/lib/cache.server'
 
 export const Route = createFileRoute('/api/auth/workos/switch-org')({
   server: {
@@ -31,6 +32,12 @@ export const Route = createFileRoute('/api/auth/workos/switch-org')({
             })
 
             await saveSession(refreshResult)
+            
+            // Invalidate cache for this user when switching orgs
+            if (session.user?.id) {
+              serverCache.invalidateUser(session.user.id);
+              console.log(`🔄 Cache invalidated for user ${session.user.id} (org switch)`);
+            }
           } catch (err: any) {
             const code = err?.error
             if (code === 'sso_required' || code === 'mfa_enrollment') {